Newsletters: Newsbites

SANS NewsBites is a semiweekly high-level executive summary of the most important news articles that have been published on computer security during the last week. Each news item is very briefly summarized and includes a reference on the web for detailed information, if possible.

Spend five minutes per week to keep up with the high-level perspective of all the latest security news. New issues are delivered free every Tuesday and Friday.

This year's Security Roadmap poster (380,000 were mailed out over the past three weeks) is completely new. The "Defense In Depth" side shows exactly what tools leaders in security are implementing to protect their organizations, and it helps you select short lists of tools that actually work. Gartner's John Pescatore helped us get the categories right. If you threw your copy away (thinking it was like last year) or someone "borrowed" yours, you can order more at https://store.sans.org/store_category.php?category=merchandis

SANS Lone Star, Houston, TX, March 10-16, 2005. Enjoy smaller classes and more time with the instructors. Three tracks for auditors, six for security professionals, plus three special courses on legal aspects of security. http://www.sans.org/lonestar05/

DOJ Nets First Two P2P Copyright Theft Convictions (19 January 2005)

Two men arrested as a result of last summer's Operation Digital Gridlock have been convicted of copyright theft. William R. Towbridge and Michael Chicoine each pleaded guilty to one count of conspiracy to commit felony criminal copyright infringement, which carries a maximum penalty of five years in prison, a US$250,000 fine and restitution to victims; sentencing is scheduled for April 29. The men are also required to destroy all copies of copyrighted software, games, music and movies and the equipment used to create them. -http://www.internetnews.com/xSP/print.php/3461501

University of California at San Diego Computers Compromised Again (18 January 2005)

For the third time in one year, computers containing information belonging to University of California San Diego students and alumni have been breached. The university has been phasing out the use of Social Security numbers as identifiers, but these computers were among the last that still contained this data. While there is no evidence that the data has been used to steal identities, those whose personal information was compromised have been informed in compliance with California law. The intruder used the servers to store music and video files. -http://www.nbcsandiego.com/education/4103051/detail.html -http://www.signonsandiego.com/news/education/20050118-9999-1m18hack.html

THE REST OF THE WEEK'S NEWS

ARRESTS, CONVICTIONS AND SENTENCES

A woman in Japan is being charged with illegal access for signing on to a former boyfriend's game account and deleting information. The man did not suffer financially as a result of her actions, which she admitted doing in retaliation for the breakup. -http://mdn.mainichi.co.jp/news/20050120p2a00m0dm012000c.html [Editor's Note (Schneier): I'm not sure why this is even considered "news." It's the kind of petty annoyance that's all too common in bad breakups. (Shpantzer): This victim should consider himself lucky. Many cyberstalking/cyberfraud victims are brushed off because of a lack of specialized investigative resources for cybercrimes.]

HOMELAND SECURITY AND GOVERNMENT SYSTEMS SECURITY

Liscouski's Departure from DHS Could Allow Elevated Role for NCSD Director (18/14 January 2005)

Robert Liscouski's resignation from his position of assistant secretary of the Information Analysis and Infrastructure Protection Directorate at DHS opens the door for the possibility of elevating the position of National Cyber Security Division director to that of assistant secretary for cyber-security. Liscouski had expressed reluctance to give up those responsibilities. A number of other DHS officials have announced their resignations, including DHS chief security officer Jack Johnson and IAIP undersecretary Gen. Frank Libutti. -http://www.eweek.com/print_article2/0,2533,a=142731,00.asp -http://www.fcw.com/fcw/articles/2005/0117/web-johnson-01-18-05.asp

SPAM & PHISHING

Financial Services Hardest Hit by Phishers (24 January 2005)

According to figures from the Anti-Phishing Working Group, there were 9,019 distinct new phishing attacks in December 2004, a 6% increase over the number recorded in November. The number of active phishing sites reported in December was 1,707. Eighty-five percent of the attacks in December targeted financial services institutions. -http://asia.cnet.com/news/security/printfriendly.htm?AT=39214571-39037064t-39000005c -http://www.vnunet.com/news/1160719 -http://antiphishing.org/APWG Phishing Activity Report - December 2004.pdf [Editor's Note (Pescatore): Just like with viruses, phishing is common enough now that statistics about numbers of incidents are pretty worthless. It's time now to focus on what percentage of financial institutions have taken steps to protect their customers.]

Korea to Come Down Hard on Mobile Spammers (24 January 2005)

Korea's Ministry of Information and Communication (MIC) plans to crack down on mobile spammers by imposing higher fines and possibly interfering with their ability to conduct business. MIC has in the past never imposed fines of more than 10 million won (approximately US$9,700), though it has the authority to levy fines of up to 30 million won (approximately US$29,000) on spammers. The Ministry says it will also tell the country's mobile carriers to stop providing services to the spammers. -http://times.hankooki.com/lpage/tech/200501/kt2005012417141211800.htm

COPYRIGHT, PIRACY AND DIGITAL RIGHTS MANAGEMENT

Two US Citizens on Trial for Piracy in China (18 January 2005)

Chinese authorities report that two US citizens are on trial for allegedly selling more than 180,000 counterfeit DVDs, valued at nearly US$1 million, on the Internet. Two Chinese accomplices are reportedly on trial as well. Randolph Hobson Guthrie and Abram Cody Thrush could face 15 years in prison if they are convicted. A verdict has not been reached in the case. -http://seattlepi.nwsource.com/printer/ap.asp?category=1310&slug=China%20US%20Piracy

Proof-of-concept wireless phone Trojan horse programs, dubbed Gavno.a and Gavno.b, pretend to be patches in order to fool users into downloading them. The programs disable phones running the Symbian operating system, requiring users to reset them to factory settings. Gavno.b also includes the Cabir worm, which tries to send a copy of the Trojan to other phones using Bluetooth technology. -http://www.infoworld.com//article/05/01/24/HNmalwarekillssymbian_1.html

"Evil Twin" Wireless Access Points (24/20/19 January 2005)

Researchers at Cranfield University (UK) are warning that "evil twin" wireless access points could be used to intercept sensitive information such as passwords and user names. Attackers could jam legitimate access points and send a stronger wireless signal from a base station close to the client. Wireless users should make sure that the security measures on their devices are activated, and should be cautious about using wireless networks to transmit sensitive data. It is also recommended that personal firewalls be used. Security writer Wayne Rash offers advice on ensuring a secure hotspot experience. -http://asia.cnet.com/news/security/printfriendly.htm?AT=39214556-39037064t-39000005c -http://informationweek.com/story/showArticle.jhtml?articleID=57702643 Wayne Rash: -http://www.securitypipeline.com/57702370 [Editor's Note (Pescatore): Using a cute new name like "Evil Twins" just causes confusion - this is just spoofing or a man in the middle attack. The hotspot industry does need to come up with a solution for spoofing for registered subscribers. (Schneier): This is an interesting attack, and one that I suspect would be all too easy for even an experienced wireless user to get caught by, especially if he's using an unfamiliar wireless network. (Shpantzer): This is an issue with the basic design of some wireless systems: The implicit trust that is given to the access point by the wireless endpoints. Some firmware in the wireless endpoints also looks for the strongest available signal and connects to it, again, without authenticating the access point as a legitimate source of connectivity. (Guest Editor Joshua Wright): This weakness has been actively exploited by attackers since early 2003, commonly targeting hotspot wireless networks to steal password or other sensitive information. Organizations using mutual-authentication systems such as PEAP or EAP/TLS will mitigate this threat, since a client will identify the "twin" access point as a rogue device.]

Microsoft Will Address DRM Issues in Windows Media Player (18 January 2005)

Microsoft will now fix the way its Windows Media Player (WMP) handles downloading digital rights management (DRM) licenses. There have been reports of malicious .mrv files capable of infecting computers with spyware, adware, dialers and viruses. The WMP update, which is expected to be released within 30 days, will allow users more control over when and how pop-ups appear during license acquisition. -http://www.eweek.com/print_article2/0,2533,a=142839,00.asp

MISCELLANEOUS

US Considers Reviewing IBM/Lenovo Deal for National Security Risks (25 January 2005)

The Committee on Foreign Investments in the United States is considering launching an investigation into whether IBM's proposed sale of its PC business to Chinese computer manufacturer Lenovo Group Ltd. poses a threat to national security. Some have expressed concern that Chinese computer experts could use an IBM facility to conduct industrial espionage. -http://www.washingtonpost.com/ac2/wp-dyn/A33869-2005Jan24?language=printer

Please feel free to share this with interested parties via email, but no posting is allowed on web sites. For a free subscription, (and for free posters) or to update a current subscription, visit http://portal.sans.org/